The following is a guest post from Greg Cullison, Senior Executive of Security, Stability & Insider Threat Programs at Big Sky Associates
The issue of ‘Insider Threat’ may be one that has recently crossed your desk. If so, you are aware that insiders can cause harm in ways that are not as easy for outsiders to achieve. The Insider is usually a trusted employee or contractor with legitimate access to your network. Without this access he cannot perform his job functions. As a direct result, he knows exactly where to find the most privileged information and steal or damage it without raising alarm bells.
You may be contemplating a cyber security solution like IS Decisions to actively monitor user behavior and restrict malicious activity like unauthorized logins. These solutions will be the most effective when implemented in an organization that is taking or has already taken measures to ensure its readiness to prevent, detect and remediate breaches associated with rogue insiders. For example, do you have the right policies and end-to-end procedures in place? Have you established a training curriculum? Do you have a centralized Insider Threat program with a ‘playbook’ that directs the responsible parties on what to do if a breach occurs?
Insider threat is a complex and cross-functional matter, touching many if not all functional areas of an organization. It’s not enough to simply have security policies written in a handbook. If you are looking for a simple (and free!) way to get started with understanding your organization’s state of protection against insider threat, Big Sky Associates has developed an online insider threat self-assessment which covers the major areas you need to address for a successful program. Big Sky is an operations improvement advisory company with deep experience in security issues like Insider Threat. After you take the assessment, Big Sky will provide a tailored recommendation report that shows your organization benchmarked against industry standards and best practices. It’s information you can put to use right away, and respondents have seen immediate benefits. In one recent case, a major international professional services firm took the assessment and preliminary analysis of their results highlighted many areas of potential insider threat risk.
The firm recognized that their inability to quantify and assess risks as well as the lack of an established insider threat program could lead to inadvertent and deliberate mishandlings of proprietary data, which, in turn, could result in catastrophic financial losses and reputational damage. Second order effects could include human resource losses and compromised intellectual capital, which severely undermine the firm’s competitive position. Ultimately, the failure to prevent, detect, and remediate insider threats appropriately could have had national security consequences.
Mapping their current state of insider threat prevention, detection, and remediation processes called out specific areas for improvement. Once all components of the processes were fully understood, the processes could be streamlined and aligned with a set of consistent procedures to execute. Now, improved risk management can result in better intellectual capital protection and mitigation of the risk of leaks of proprietary information.
